RegexVisualizer

Security checks across malware telemetry and agentic risk

Overview

This is a local regex diagram exporter; its browser launch and file output behavior match its stated purpose, with normal CLI safety caveats.

Install only if you are comfortable running npm install in the skill directory and letting Puppeteer launch your local Chrome or Edge. Use a project or temporary directory for --out, avoid important existing filenames, and only pass --chrome paths you trust.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Medium

Confidence: 89% confidence
Finding: The script accepts an arbitrary executable path from user input via --chrome and then launches it. In an agent setting, this can be abused to execute an unintended local binary under the agent's privileges, turning a rendering utility into a general local program launcher.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal